Security Vulnerability: Go Package: github.com/Azure/go-autorest/autorest/azure/auth - End of Life Notification (EOL)

[shwethadec01]

Dear KEDA Team,

We have identified below security vulnerability reported in the following images:

container:

• kedacore/keda:2.17.2
• kedacore/keda-metrics-apiserver:2.17.2

vulnerabilities:

• Go Package: github.com/Azure/go-autorest/autorest/azure/auth - End of Life Notification (EOL)

• 'The Go Programming Language' (stdlib) with Version=1.23.4 EOL=False

Kindly have a look at this issue and address the vulnerability in a future release.

Thanks in advance

[rlanhellas]

Golang update to 1.24.x will be released soon, on keda 2.8.0. The lib github.com/Azure/go-autorest/autorest/azure/auth I will take a look.

@rickbrouwer , @JorTurFer , @zroubalik , please assign it to me.

[JorTurFer]

1.24 update is already covered here -> #7105

[rlanhellas]

@JorTurFer , I believe the github.com/Azure/go-autorest/autorest/azure/auth dependency wasn't update. It has a migration specific guide btw, because we need to change to a new library which supports Microsoft Entra ID

[JorTurFer]

no, Auzure autorest has to be migrated too. Are you interested in that part?

[rlanhellas]

@JorTurFer , yes I'm

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

[rlanhellas]

it isn't stale, i'm on it.